Back to skill

Security audit

Multi-Agent Governor

Security checks across malware telemetry and agentic risk

Overview

This skill provides bounded guidance and helper scripts for coordinating multi-agent work, with no evidence of hidden execution, exfiltration, or destructive behavior.

Install this if you want structured guardrails for multi-agent Codex work. Be aware it can activate on broad requests about saving time or parallelism, creates temporary run records under /tmp, and its optional usage script can read local Codex telemetry for registered threads to report token usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read and write files and to create state under /tmp, but it declares no explicit permissions or trust boundary for those capabilities. That mismatch can cause the platform or reviewer to underestimate what the skill can access or modify, increasing the chance of unintended file exposure or overwrite when the skill is triggered.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation conditions include broad natural-language phrases such as '并行', '省时间', and 'many agents', which are common in ordinary requests and could cause the skill to activate when the user did not intend orchestration behavior. In this skill's context, unintended activation is more dangerous because the skill can initiate multi-agent workflows, file operations, and temporary state creation, expanding the action surface without clear user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.